oss-sec mailing list archives
Re: CVE id request - clamav
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 16 Apr 2008 11:21:46 -0400 (EDT)
On Tue, 15 Apr 2008, Tomas Hoger wrote:
* Check in 0.93 patches: - libclamunrar: bb#541 (RAR - Version required to extract - Evasion) https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541
CVE-2008-1835
- libclamav/spin.c: bb#876 (PeSpin Heap Overflow Vulnerability) https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876
CVE-2008-0314
- libclamav/pe.c: bb#878 (Upack Buffer Overflow Vulnerability) https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878
CVE-2008-1100, as already noted.
- libclamav/message.c: bb#881 (message.c: read beyond allocated region) https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881
CVE-2008-1836
- libclamav/unarj.c: bb#897 (ARJ: Sample from CERT-FI hangs clamav) https://wwws.clamav.net/bugzilla/show_bug.cgi?id=897 bug mentions CVE-2008-1387
CVE-2008-1387, confirmed.
- libclamunrar: bb#898 (RAR crashes on some fuzzed files from CERT-FI) https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898
CVE-2008-1837
And even some fixes not mentioned in the changelog: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877 IDEF3001
CVE-2008-1833 - Steve ====================================================== Name: CVE-2008-0314 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0314 Reference: IDEFENSE:20080414 ClamAV libclamav PeSpin Heap Overflow Vulnerability Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686 Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876 Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value. ====================================================== Name: CVE-2008-1100 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100 Reference: MISC:http://secunia.com/secunia_research/2008-11/advisory/ Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878 Reference: BID:28756 Reference: URL:http://www.securityfocus.com/bid/28756 Reference: FRSIRT:ADV-2008-1218 Reference: URL:http://www.frsirt.com/english/advisories/2008/1218/references Reference: SECTRACK:1019837 Reference: URL:http://www.securitytracker.com/id?1019837 Reference: SECUNIA:29000 Reference: URL:http://secunia.com/advisories/29000 Reference: XF:clamav-cliscanpe-bo(41789) Reference: URL:http://xforce.iss.net/xforce/xfdb/41789 Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file. ====================================================== Name: CVE-2008-1387 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387 Reference: BUGTRAQ:20080415 clamav: Endless loop / hang with crafter arj, CVE-2008-1387 Reference: URL:http://www.securityfocus.com/archive/1/archive/1/490863/100/0/threaded Reference: MISC:http://int21.de/cve/CVE-2008-1387-clamav.html Reference: MISC:http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/ ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats. ====================================================== Name: CVE-2008-1833 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1833 Reference: IDEFENSE:20080414 ClamAV libclamav PE WWPack Heap Overflow Vulnerability Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687 Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877 Heap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary. ====================================================== Name: CVE-2008-1835 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1835 Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541 ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar. ====================================================== Name: CVE-2008-1836 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1836 Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881 The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read. ====================================================== Name: CVE-2008-1837 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1837 Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898 libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Current thread:
- CVE id request - clamav Tomas Hoger (Apr 15)
- Re: CVE id request - clamav Steven M. Christey (Apr 16)